From c1e1f42aad250860fc95ae24714b269b27ea6f7f Mon Sep 17 00:00:00 2001
From: Deeman <hendriknote@gmail.com>
Date: Sat, 28 Feb 2026 21:18:26 +0100
Subject: [PATCH] fix(supervisor): redeploy web app when .env.prod.sops changes

web_code_changed() only checked web/ and Dockerfile, so secret rotations
(updated RESEND_API_KEY, etc.) didn't trigger a container redeploy.
Added .env.prod.sops to the diff so any committed secret change
automatically causes the new .env to be baked into the containers.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 src/padelnomics/supervisor.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/padelnomics/supervisor.py b/src/padelnomics/supervisor.py
index d5cd8f4..080fa22 100644
--- a/src/padelnomics/supervisor.py
+++ b/src/padelnomics/supervisor.py
@@ -270,9 +270,10 @@ def run_export() -> None:
 
 
 def web_code_changed() -> bool:
-    """Check if web app code changed since last deploy (after git pull)."""
+    """Check if web app code or secrets changed since last deploy (after git pull)."""
     result = subprocess.run(
-        ["git", "diff", "--name-only", "HEAD~1", "HEAD", "--", "web/", "Dockerfile"],
+        ["git", "diff", "--name-only", "HEAD~1", "HEAD", "--",
+         "web/", "Dockerfile", ".env.prod.sops"],
         capture_output=True, text=True, timeout=30,
     )
     return bool(result.stdout.strip())